updatetask.exe

This file is part of various InstallCore adware bundles. It is designed to run daily and maintain the current state of the installed product offers (mostly unwanted adware) by connecting to a remote server for configuration instructions. The application updatetask.exe has been detected as adware by 6 anti-malware scanners. It is installed as a toolbar in Internet Explorer under the name ‘Zend Studio’. It runs as a scheduled task in the Windows Task Scheduler named DigitalSite, triggered daily at a specified time. Additionally, the file is typically installed by a number of programs including Update for Codec Pack by installCore and Update for Zip Opener by installCore, both potentially unwanted programs.
MD5:
c7accbe7e79c17f230b44367a8a3ccd2

SHA-1:
f616bb4167cc48d1d46fda59802bd99b75631f44

SHA-256:
e952c964338742cca1f2b7af4caabff11f669225a6d35fd9dceea0384c3164d6

Scanner detections:
6 / 68

Status:
Adware

Explanation:
The update task for the InstallCore download manager.

Analysis date:
11/27/2024 7:45:23 PM UTC

Scan engine         Detection                      Engine version
Boost by Reason     Optional.Task.K                188432
Dr.Web              Adware.Downware.1620           9.0.1.0321
ESET NOD32          Win32/DealPly                  7.9126
Malwarebytes        PUP.Optional.DigitalSites.A    v2013.11.17.06
Reason Heuristics   PUP.UpdateProc.Task.K          14.3.3.16
Sophos              Generic PUA PG                 4.95

File size:
99 KB (101,376 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\roaming\digitalsite\updateproc\updatetask.exe

File PE Metadata
Compilation timestamp:
6/19/1992 6:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:KTPrZL/cchPrbaz5SOPHgnMQxHGuJRa8W:KH5cAbrMwLrW

Entry address:
0x14E84

Entry point:
55, 8B, EC, 83, C4, F0, B8, 2C, 4E, 41, 00, E8, 40, FD, FE, FF, 33, C0, 55, 68, 0C, 4F, 41, 00, 64, FF, 30, 64, 89, 20, B8, 58, 6C, 41, 00, BA, 20, 4F, 41, 00, E8, 7B, EC, FE, FF, 83, 3D, 58, 6C, 41, 00, 00, 75, 0F, B8, 58, 6C, 41, 00, BA, 30, 4F, 41, 00, E8, 63, EC, FE, FF, B8, 58, 6C, 41, 00, BA, 40, 4F, 41, 00, E8, 60, EE, FE, FF, 6A, 00, 68, 24, 4C, 41, 00, 68, 70, 4D, 41, 00, 68, A4, 4D, 41, 00, B9, 54, 4F, 41, 00, 8B, 15, 58, 6C, 41, 00, B8, 88, 4F, 41, 00, E8, CA, 74, FF, FF, 33, C0, 5A, 59, 59, 64...

Entropy:
6.3781

Developed / compiled with:
Microsoft Visual C++

Code size:
80 KB (81,920 bytes)

Internet Explorer Toolbar
CLSID:
{95188727-288F-4581-A48D-EAB3BD027314}

CLSID name:
Zend Studio


2 Scheduled Tasks
Task name:
DigitalSite

Trigger:
Daily (Runs daily at 6:49 PM)

Task name:
MySearchDial

Trigger:
Daily (Runs daily at 19:15)


The file updatetask.exe has been discovered within the following programs.

Update for Codec Pack by installCore
Update for Codec Pack uses the InstallCore Click run software, an installer that bundles legitimate applications and may also offer additional third-party applications that may be unwanted by the user.
www.installcore.com
88% remove it

Update for Codec Package by installCore
Update for Codec Package is the update mechanism for the Install Core software, an installer that bundles legitimate applications with offers for additional third-party applications that may be unwanted by the user.
75% remove it

Update for Image Editor by installCore
Update for Image Editor uses the InstallCore Click run software, an installer that bundles legitimate applications and may also offer additional third-party applications that may be unwanted by the user.
80% remove it

Update for Mipony Download Manager by installCore
Update for Mipony Download Manager is the update mechanism for the Install Core software, an installer that bundles legitimate applications with offers for additional third-party applications that may be unwanted by the user.
72% remove it

Update for PDF Creator by installCore
Update for PDF Creator uses the InstallCore Click run software, an installer that bundles legitimate applications and may also offer additional third-party applications that may be unwanted by the user.
83% remove it

Update for PDF Writer by installCore
Update for PDF Writer uses the InstallCore Click run software, an installer that bundles legitimate applications and may also offer additional third-party applications that may be unwanted by the user.
75% remove it

Update for Video Converter by installCore
This uses the InstallCore download manager. Install Core Click run software is an installer that bundles applications with offers for additional third-party programs that may be unwanted by the user, including toolbars and browser extensions.
88% remove it

Update for Zip Extractor by installCore
Update for Zip Extractor uses the Install Core download manager. Install Core Click run software is an installer that bundles applications with offers for additional third-party programs that may be unwanted by the user, including toolbars and browser extensions.
76% remove it

Update for Zip Opener by installCore
The software uses the InstallCore Click run software, an installer that bundles legitimate applications and may also offer additional third-party applications that may be unwanted by the user.
68% remove it

UpdaterEX by installCore
This is a potentially unwanted background updater that is installed with a download manager and connects to info.updaterex.com for additional downloads and updates. The software is typically part of a software download bundle from the Install Core mechanism.
80% remove it

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP): Connects to bits-lb.esams.wikimedia.org (91.198.174.202:80)
TCP (HTTP): Connects to s3-1-w.amazonaws.com (54.231.0.113:80)
TCP (HTTP): Connects to ec2-54-245-249-144.us-west-2.compute.amazonaws.com (54.245.249.144:80)
TCP (HTTP): Connects to ec2-54-225-155-49.compute-1.amazonaws.com (54.225.155.49:80)
TCP (HTTP): Connects to ec2-54-197-227-159.compute-1.amazonaws.com (54.197.227.159:80)
TCP (HTTP): Connects to ec2-184-73-153-23.compute-1.amazonaws.com (184.73.153.23:80)
